use of org.ldaptive.LdapAttribute in project cas by apereo.
the class Beans method newLdaptiveBlockingConnectionPool.
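/**
 * Builds and initializes a blocking ldaptive connection pool from the given LDAP settings.
 *
 * <p>The pool gets the configured block wait time, an idle prune strategy, a connection
 * validator selected by {@code l.getValidator().getType()} ({@code compare}, {@code none} or
 * {@code search}; any other value falls back to {@code search}) and, when
 * {@code l.getPoolPassivator()} is not blank, a passivator. {@code initialize()} is called on
 * the pool before it is returned.
 *
 * @param l the LDAP properties that supply the pool, validator and bind settings
 * @return the initialized connection pool
 * @throws IllegalArgumentException if the configured pool passivator does not name a
 *     {@code LdapConnectionPoolPassivator} constant
 */
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
    final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
    final PoolConfig pc = newLdaptivePoolConfig(l);
    final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
    cp.setBlockWaitTime(newDuration(l.getBlockWaitTime()));
    cp.setPoolConfig(pc);

    final IdlePruneStrategy strategy = new IdlePruneStrategy();
    strategy.setIdleTime(newDuration(l.getIdleTime()));
    strategy.setPrunePeriod(newDuration(l.getPrunePeriod()));
    cp.setPruneStrategy(strategy);

    // Locale.ROOT keeps the keyword match independent of the JVM default locale
    // (for example, Turkish casing rules map 'I'/'i' to different characters).
    switch (l.getValidator().getType().trim().toLowerCase(java.util.Locale.ROOT)) {
        case "compare":
            final CompareRequest compareRequest = new CompareRequest();
            compareRequest.setDn(l.getValidator().getDn());
            compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(),
                l.getValidator().getAttributeValues().toArray(new String[] {})));
            compareRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new CompareValidator(compareRequest));
            break;
        case "none":
            // This branch installs no validator on the pool; only the debug line records that choice.
            LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
            break;
        case "search":
        default:
            // Unrecognized validator types end up here, so a typo in configuration
            // still yields a search validator rather than none.
            final SearchRequest searchRequest = new SearchRequest();
            searchRequest.setBaseDn(l.getValidator().getBaseDn());
            searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
            searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
            searchRequest.setSearchScope(l.getValidator().getScope());
            searchRequest.setSizeLimit(1L);
            searchRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new SearchValidator(searchRequest));
            break;
    }

    cp.setFailFastInitialize(l.isFailFast());

    if (StringUtils.isNotBlank(l.getPoolPassivator())) {
        // Trim and upper-case with Locale.ROOT so that values such as " bind " or "bind" under a
        // Turkish default locale still resolve to the enum constant instead of failing valueOf.
        final String passivatorName = l.getPoolPassivator().trim().toUpperCase(java.util.Locale.ROOT);
        final AbstractLdapProperties.LdapConnectionPoolPassivator pass =
            AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(passivatorName);
        switch (pass) {
            case CLOSE:
                cp.setPassivator(new ClosePassivator());
                break;
            case BIND:
                // The passivator is given a bind request for the configured bind DN and credential.
                final BindRequest bindRequest = new BindRequest();
                bindRequest.setDn(l.getBindDn());
                bindRequest.setCredential(new Credential(l.getBindCredential()));
                cp.setPassivator(new BindPassivator(bindRequest));
                break;
            default:
                break;
        }
    }

    // Only the URL and bind DN are logged; the bind credential is never written to the log.
    LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
    cp.initialize();
    return cp;
}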
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class DefaultAccountStateHandler method handlePolicyAttributes.
/**
 * Raises the login exception mapped to any LDAP attribute whose value parses as {@code true}.
 * This supports ad-hoc password policies expressed as boolean attributes on the entry.
 *
 * @param response the authentication response whose LDAP entry attributes are inspected
 */
protected void handlePolicyAttributes(final AuthenticationResponse response) {
    for (final LdapAttribute policyAttr : response.getLdapEntry().getAttributes()) {
        final boolean flagged = this.attributesToErrorMap.containsKey(policyAttr.getName())
            && Boolean.parseBoolean(policyAttr.getStringValue());
        if (!flagged) {
            continue;
        }

        final Class<LoginException> errorType = this.attributesToErrorMap.get(policyAttr.getName());
        final LoginException failure = (LoginException) ClassUtils.newInstance(errorType);
        // NOTE(review): if newInstance can return null, a flagged policy attribute is skipped
        // without any error or log entry and the login continues; confirm whether that
        // fail-open path is reachable for the configured exception classes.
        if (failure != null) {
            // Presumably Guava's Throwables: the checked LoginException is rethrown wrapped
            // in an unchecked exception, since this method declares no checked exceptions.
            throw Throwables.propagate(failure);
        }
    }
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapUserAttributesToRolesAuthorizationGenerator method generateAuthorizationForLdapEntry.
/**
 * Looks up the configured role attribute on the user's LDAP entry and hands it to
 * {@code addProfileRoles} together with the configured role prefix.
 *
 * @param profile the profile passed on to {@code addProfileRoles}
 * @param userEntry the LDAP entry found for the user
 * @return the same {@code profile} instance that was passed in
 * @throws IllegalStateException if the entry carries no attributes, or does not contain the
 *     configured role attribute
 */
@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
    final boolean entryIsBare = userEntry.getAttributes().isEmpty();
    if (entryIsBare) {
        throw new IllegalStateException("No attributes are retrieved for this user.");
    }

    final LdapAttribute roleValues = userEntry.getAttribute(this.roleAttribute);
    if (roleValues != null) {
        addProfileRoles(userEntry, profile, roleValues, this.rolePrefix);
        return profile;
    }

    // A missing role attribute is treated as an error rather than as "no roles".
    throw new IllegalStateException("Configured role attribute cannot be found for this user");
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class LdapUserGraphicalAuthenticationRepository method getGraphics.
/**
 * Fetches the image stored for a user in LDAP.
 *
 * <p>The entry is located with {@code searchForId(username)} and the attribute named by the
 * GUA LDAP settings is read from it. Any exception is logged and results in an empty source.
 *
 * @param username the user id handed to {@code searchForId}
 * @return the binary attribute value wrapped as a {@code ByteSource}, or an empty source when
 *     no entry is found, the attribute is absent or not binary, or the lookup fails
 */
@Override
public ByteSource getGraphics(final String username) {
    try {
        final GraphicalUserAuthenticationProperties guaProps = casProperties.getAuthn().getGua();
        // NOTE(review): username is forwarded as given; whether it is escaped before being
        // placed in an LDAP filter depends on searchForId, which is not visible here.
        final Response<SearchResult> searchResponse = searchForId(username);
        if (!LdapUtils.containsResultEntry(searchResponse)) {
            return ByteSource.empty();
        }

        final LdapEntry userEntry = searchResponse.getResult().getEntry();
        final LdapAttribute image = userEntry.getAttribute(guaProps.getLdap().getImageAttribute());
        final boolean hasBinaryImage = image != null && image.isBinary();
        if (hasBinaryImage) {
            return ByteSource.wrap(image.getBinaryValue());
        }
    } catch (final Exception e) {
        // Best effort: a failed lookup is logged and reported to the caller as "no image".
        LOGGER.error(e.getMessage(), e);
    }
    return ByteSource.empty();
}
use of org.ldaptive.LdapAttribute in project cas by apereo.
the class AbstractX509LdapTests method populateCertificateRevocationListAttribute.
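/**
 * Populates the {@code certificateRevocationList} attribute of the test entry.
 *
 * <p>For every directory entry whose DN equals {@code DN}, the classpath resource
 * {@code userCA-valid.crl} is read into a 1024-byte buffer, base64-encoded and written to the
 * entry as a binary attribute. The value is set in code rather than in the LDIF file.
 *
 * @throws Exception if the resource cannot be read or the entry cannot be modified
 */
private static void populateCertificateRevocationListAttribute() throws Exception {
    final Collection<LdapEntry> col = getDirectory().getLdapEntries();
    for (final LdapEntry ldapEntry : col) {
        if (ldapEntry.getDn().equals(DN)) {
            final LdapAttribute attr = new LdapAttribute(true);
            // NOTE(review): the buffer size is fixed and the byte count returned by the read is
            // ignored, so the whole 1024-byte array is encoded. Presumably a shorter CRL leaves
            // unfilled trailing bytes in the encoded value and a longer one is cut off; confirm
            // the fixture fits and that consumers tolerate the padding.
            byte[] value = new byte[1024];
            // Close the resource stream once read; the original left it open.
            try (java.io.InputStream in = new ClassPathResource("userCA-valid.crl").getInputStream()) {
                IOUtils.read(in, value);
            }
            value = EncodingUtils.encodeBase64ToByteArray(value);
            attr.setName("certificateRevocationList");
            attr.addBinaryValue(value);
            LdapTestUtils.modifyLdapEntry(getDirectory().getConnection(), ldapEntry, attr);
        }
    }
}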